Eng | Add strong name validation to package validator (#2802) (#2807)

dotnet · Aug 22, 2024 · 212fdd0 · 212fdd0
1 parent 0092c03
commit 212fdd0
Showing 1 changed file with 36 additions and 1 deletion.
diff --git a/eng/pipelines/common/templates/jobs/validate-signed-package-job.yml b/eng/pipelines/common/templates/jobs/validate-signed-package-job.yml
@@ -103,6 +103,42 @@ jobs:
       nuget verify -All $(pathToDownloadedNuget)\*.nupkg
     displayName: 'Verify nuget signature'
 
+  - powershell: |
+      if($env:CDP_BUILD_TYPE -eq 'Official')
+      {
+          # Recursively find all .dll files in TempFolder (installed nuget folder)
+          # Microsoft.Data.SqlClient.dll and Microsoft.Data.SqlClient.resources.dll (in localized folders) should have strong name
+          $dllFiles = Get-ChildItem -Path $(TempFolderName) -Recurse -Filter *.dll
+          $badDlls = @()
+          foreach ($file in $dllFiles) 
+          {
+            # Run sn.k to verify the strong name on each dll
+            $result = & "C:\Program Files (x86)\Microsoft SDKs\Windows\*\bin\NETFX 4.8.1 Tools\sn.exe" -vf $file.FullName
+            Write-OutPut $result
+
+            # if thhe dll is not valid, it would be delay signed or test-signed which is not meant for production
+            if($result[$result.Length-1] -notlike "* is valid")
+            {
+              $badDlls += $result[$result.Length-1]
+            }
+          }
+          if($badDlls.Count -gt 0)
+          {
+            Write-OutPut "Error: Invalid dlls are detected. Chek below list:"
+            foreach($dll in $badDlls)
+            {
+              Write-Output $dll
+            }        
+            Exit -1
+        }
+        Write-Host "Strong name has been verified for all dlls"
+      }
+      else
+      {
+        Write-OutPut "Strong name verification is not required for non-official builds"
+      }
+    displayName: 'Verify strong name is generated for production'
+
   - powershell: |
       # Checks the expected folder names such as lib, ref, runtimes
       Get-ChildItem -Path $(extractedNugetPath) -Directory  | select Name | foreach {
@@ -205,7 +241,6 @@ jobs:
         }
       }
     displayName: 'Verify all DLLs unzipped match "expected" hierarchy'
-
   - powershell: |
       # Verify all dlls status are Valid